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Description 

AN APPRATUS AND METHOD FOR 
AUTONOMIC EMAIL ACCESS CONTROL 

Background of Invention 

[0001] The present invention relates to a computer implemented 
method for controlling communication between networks 
and among a plurality of users, specifically, sharing of 
documents while controlling access to databases refer- 
enced in the documents, and maintaining an accessible 
record of all recipients of the shared document. 

[0002] sharing of information in the current environment of sys- 
tems is dependent on the proprietor of the information. In 
order to make the information available to a widely dis- 
persed public, the proprietor will need to submit the in- 
formation to a central repository. Work groups are com- 
mon in the corporate environment, and the sharing of 
group information is a successful component of the work 
group dynamic. Work group documents may contain any 
combination of text, numbers, computer program source 



code, computer hardware schematics or layouts, database 
records, database references, digitized audio, digitized 
video, digitized visual images, or other digital informa- 
tion. The availability of this information is dependent 
somewhat upon the availability of the repository and the 
awareness of other people having access to the reposi- 
tory. Generally, when submitting to a widely available 
repository, the originator or proprietor does not have 
complete control over the access to the submitted infor- 
mation. Secrecy controls, when applicable, attempt to al- 
low members of the work group to review and edit the 
documents while preventing such access by others out- 
side the group. 

[0003] Access control lists have been introduced to enhance se- 
curity control measures. System users are assigned to one 
or more groups by a system administrator, and an access 
list, which matches groups with access rights, is associ- 
ated with documents in the computer system. Going one 
step further, some work groups encrypt their documents. 
In an encrypted form, the documents cannot be under- 
stood. An encryption "key" is required to decrypt the doc- 
ument. In U.S. Patent No. 5,787,175 issued to Carter on 
July 28, 1998, entitled, "METHOD AND APPARATUS FOR 



COLLABORATIVE DOCUMENT CONTROL," a combination of 
public-key cryptographic methods, symmetric crypto- 
graphic methods, and message digest generation meth- 
ods are used for controlling collaborative access to a work 
group document. Users who are currently members of a 
collaborative group can readily access the information, 
while users who are not currently members of the group 
cannot. Although access control is defined, an automated 
method of notifying the originator and acquiring the orig- 
inator's approval for access to the referenced databases 
identified within the originator's document to forwarded 
recipients of the document is not disclosed or taught. Nor 
is the tracking path of the shared document retained or 
filed for later inspection by the originator. 
[0004] | n u.S. Patent No. 6,356,010 issued to Viets, et al., on 
March 12, 2002, entitled, "SYSTEM AND METHOD FOR 
CONTROLLING ACCESS TO DOCUMENTS STORED ON AN 
INTERNAL NETWORK," a system for limiting access from 
an external network to documents stored on an internal 
network is taught. A client list is built in which each client 
is assigned to one or more roles. Each role has access to 
one or more documents. A requested document is com- 
pared to the document list associated with the client's 



role, and if the requested document is in the list of docu- 
ments available to the client in the client's role, the re- 
quested document is retrieved. Again, an automated 
method of notifying the originator and acquiring the orig- 
inator's approval for access to the referenced databases 
identified within the originator's document to forwarded 
recipients of the document is not disclosed or taught. Nor 
is the tracking path of the shared document retained or 
filed. Thus, the originator does not have the ability to 
learn of those interested in his or her work. 

[0005] under these control access schemes, even when informa- 
tion is available in a central database, a user's attention is 
not automatically drawn to the value of this information. 
Nor is the originator's attention drawn to the information 
needs of others reviewing the document, which would 
provide insight as to the valued perception attributed by 
the document reviewers. 

[0006] | n u.S. Patent No. 6,212,534 issued to Lo, et al., on April 
3, 2001, entitled, "SYSTEM AND METHOD FOR FACILITAT- 
ING COLLABORATION IN CONNECTION WITH GENERATING 
DOCUMENTS AMONG A PLURALITY OF OPERATORS USING 
NETWORKED COMPUTER SYSTEMS," document information 
relating to documents being generated is stored along 



with a user module; the document information including 
both document structure and document content. The user 
module includes a whiteboard display module to display a 
whiteboard to a user, selectively displaying document 
structure and content. Notecards are assigned to asso- 
ciate documents in a hierarchical organization, and stored 
separately from each other. Each notecard represents and 
effectively contains a content item, which may be used in 
a document. Lo, however, does not teach or disclose the 
tracking path of the shared document retained or filed for 
later inspection by the originator. Moreover, any com- 
ments made by an operator regarding a specific document 
are performed and retained on an associated notecard 
that is displayed on the separate whiteboard. 

[0007] Bearing in mind the problems and deficiencies of the prior 
art, it is therefore an object of the present invention to 
provide an apparatus and method for autonomic email ac- 
cess control of shared documents. 

[0008] it is another object of the present invention to provide an 
apparatus and method for autonomic email access control 
of shared documents that maintain the tracking path of 
the shared document retained or filed for later inspection 
by the originator. 



[0009] a further object of the invention is to provide an appara- 
tus and method for autonomic email access control of 
shared documents that allows the originator to assign ac- 
cess authorization for database links within a document, 
and expand the review of the shared information. 

[0010] it is yet another object of the invention to provide an ap- 
paratus and method for autonomic email access control of 
databases links referenced within shared documents to 
allow the originator to assign access information regard- 
ing referenced databases within an emailed document. 

[° 011 ] Still other objects and advantages of the invention will in 

part be obvious and will in part be apparent from the 

specification. 
Summary of Invention 

[0012] The above and other objects and advantages, which will 
be apparent to one of skill in the art, are achieved in the 
present invention, which is directed to, in a first aspect, a 
method of autonomic building and updating access con- 
trol for referenced databases in documents sent via email 
by an originator to addressees, comprising: dynamically 
updating an access control list of the addressees for the 
originator of the email; tracking distribution routes of the 
documents in a repository; and providing a request to the 



originator and a response from the originator to any of 
the addressees for approving, altering, or rejecting the 
access of said referenced databases in said documents. 
The method further comprises building and accessing the 
document through usage of a common email system, and 
tracking recipients of the email that are linked to the doc- 
ument. The method includes generating a database re- 
quest table including identifying database servers, ad- 
dressees, and types of access control. The types of access 
control include view, edit, author functions, or an access 
denied function. Providing the request to the originator 
includes having the originator receive the request in the 
form of an email that provides a mechanism for approv- 
ing, rejecting, or altering each access control list for each 
new addressee, and building an appropriate database 
transaction for each database server. The method further 
comprises determining whether the addressees and ac- 
cess requests for each of the addressees match the access 
control list within each of the databases, and updating the 
access control list to match the database transaction. 
[0013] The method further includes the deployment of the pro- 
cess software, the deployment comprising: installing the 
process software on at least one server; identifying server 



addresses for users accessing the process software on the 
at least one server; installing a proxy server if needed; 
sending the process software to the at least one server via 
a file transfer protocol, or sending a transaction to the at 
least one server containing the process software and re- 
ceiving and copying the process software to the at least 
one server's file system; accessing the process software 
on a user's client computer file system, or sending the 
process software to users via email; and executing the 
process software by the users. The step of installing the 
process software further comprises: determining if pro- 
grams will reside on the at least one server when the pro- 
cess software is executed; identifying the at least one 
server that will execute the process software; and trans- 
ferring the process software to the at least one server's 
storage. The step of accessing the process software in- 
cludes having the at least one server automatically copy- 
ing the process software to each client computer, running 
an installation program at each client computer, and exe- 
cuting the installation program on the client computer. 
Sending the process software to the users via email fur- 
ther comprises identifying the users and addresses of the 
client computers. Executing the process software by the 



users includes sending the process software to directories 
on the client computers. 
[0014] The method comprises the integration of process software 
for updating access control for referenced databases in 
documents sent via email by an originator to addressees, 
the integration comprises: determining if the process 
software will execute on at least one server; identifying 
the at least one server address, including checking the at 
least one server for operating systems, applications, net- 
work operating systems, or version numbers for validation 
with the process software, and identifying any missing 
software applications that are required for integration; 
updating the operating systems, the applications, or the 
network operating systems that are not validated for the 
process software, and providing any of the missing soft- 
ware applications required for the integration; identifying 
client addresses and checking the client's computers for 
operating systems, applications, network operating sys- 
tems, or version numbers for validation with the process 
software, and identifying any missing software applica- 
tions that are required for integration; updating the 
client's computers with the operating systems, the appli- 
cations, or the network operating systems that are not 



validated for the process software, and providing any of 
the missing software applications required for the inte- 
gration; and installing the process software on the client's 
computers and the at least one server. 
[0015] The method may further comprise on demand sharing of 
process software for updating access control for refer- 
enced databases in documents sent via email by an origi- 
nator to addressees, the on demand sharing comprising: 
creating a transaction containing unique customer identi- 
fication, requested service type, and service parameters; 
sending the transaction to at least one main server; 
querying the server's central processing unit capacity for 
adequate processing of the transaction; and allocating ad- 
ditional central processing unit capacity when additional 
capacity is needed to process the transaction, and sending 
the additional central processing unit capacity to the 
server, or checking environmental capacity for processing 
the transaction, including network bandwidth, processor 
memory, or storage, and allocating the environmental ca- 
pacity as required. The method further includes recording 
usage measurements including network bandwidth, pro- 
cessor memory, storage, or the central processing unit 
cycles. The method may also comprise summing the us- 



age measurements, acquiring a multiplicative value of the 
usage measurements and unit costs, and recording the 
multiplicative value as an on demand charge to a request- 
ing customer. Moreover, the method may include posting 
the on demand charge on a web site if requested by the 
requesting customer, or sending the demand charge via 
email to the requesting customer's email address. In addi- 
tion, the method may include charging the on demand 
charge to the requesting customer's account if an account 
exists and the requesting customer selects a charge ac- 
count payment method. 
[0016] The method includes deploying, accessing, and executing 
process software for updating access control for refer- 
enced databases in documents sent via email by an origi- 
nator to addressees through a virtual private network, the 
method further comprising: determining if the virtual pri- 
vate network is required; checking for remote access of 
the virtual private network; if the remote access does not 
exist, identifying a third party provider to provide secure, 
encrypted connections between a private network and re- 
mote users, identifying the remote users, and setting up a 
network access server for downloading and installing 
desktop client software for remotely accessing the virtual 



private network; accessing the process software; trans- 
porting the process software to the remote user's desk- 
top; and executing the process software on the remote 
user's desktop. 

[0017] The method of deploying, accessing, and executing pro- 
cess software through the virtual private network further 
includes: determining if the virtual private network is 
available for site-to-site access, or installing equipment 
required to establish the site-to-site virtual private net- 
work, and installing large scale encryption into the virtual 
private network; and accessing the process software on 
the site-to-site configuration. The step of accessing the 
process software further comprises dialing into the net- 
work access server or attaching directly via a cable or DSL 
modem into the network access server. 

[0018] | n a second aspect, the present invention is directed to a 
method of autonomic building and updating access con- 
trol of referenced databases on documents shared via 
email, comprising: selecting a list of addressees in an 
email transmission to give access to the referenced 
databases; selecting the type of access for the selected list 
of addressees; constructing an email transaction to send 
to an originator, the email transaction including database 



and access requests for each of the addressees; con- 
structing database transactions to send to database 
servers; sending the database transactions to the 
database servers; matching the list of addressees and ac- 
cess requests to an access control list in the database; 
sending the email transaction to the addressees; request- 
ing forwarding approval by the addressees of the refer- 
enced databases from the originator; transmitting a for- 
warding approval or rejection from the originator to the 
addressee; and tracing email forwarding for the origina- 
tor. Selecting the type of access further comprises provid- 
ing a menu for the originator of the email transmission. 
Constructing the email transaction to send to the origina- 
tor further comprises sending the transaction to the origi- 
nator for access approval or rejection of the referenced 
databases. The database transactions comprise informa- 
tion from a database request table. The database servers 
process database access requests. The access control list 
is updated if the match is not complete. The method fur- 
ther comprises having the tracing of email include names 
and email addresses of any addressee. 
[0019] | n a third aspect, the present invention is directed to a 
program storage device readable by a machine, tangibly 



embodying a program of instructions executable by the 
machine to perform method steps for building and updat- 
ing access control for referenced databases in documents 
sent via email by an originator to addressees, the method 
steps comprising: dynamically updating an access control 
list of the addressees for the originator of the email; 
tracking distribution routes of the documents in a reposi- 
tory; and providing a request to the originator and a re- 
sponse from the originator to any of the addressees for 
approving, altering, or rejecting the forwarding of the ref- 
erenced databases in the documents. The program stor- 
age device further comprises the method steps of building 
and accessing the document through usage of a common 
email system, tracking recipients of the email that are 
linked to the document, and having the originator receive 
the request in the form of an email that provides a mech- 
anism for approving, rejecting, or altering each access 
control list for each new addressee. The program storage 
device further includes the method step of building an 
appropriate database transaction for each database 
server. 

[0020] | n a fourth aspect, the present invention is directed to a 
program storage device readable by a machine, tangibly 



embodying a program of instructions executable by the 
machine to perform method steps for building and updat- 
ing access control for referenced databases in documents 
sent via email by an originator to addresses, the method 
steps comprising: selecting a list of addressees in an 
email transmission to give access to the referenced 
databases; selecting the type of access for the selected list 
of addressees; constructing an email transaction to send 
to an originator, the email transaction including database 
and access requests for each of the addressees; con- 
structing database transactions to send to database 
servers; sending the database transactions to the 
database servers; matching the list of addressees and ac- 
cess requests to an access control list in the database; 
sending the email transaction to the addressees; request- 
ing forwarding approval by the addressees of the refer- 
enced databases from the originator; transmitting a for- 
warding approval or rejection from the originator to the 
addressee; and tracing email forwarding for the origina- 
tor. The program storage device further comprises the 
method steps of sending the transaction to the originator 
for access approval or rejection, and administering access 
approval for viewing, editing, or administrating the refer- 



enced databases. 
Brief Description of Drawings 



[0021] The features of the invention believed to be novel and the 
elements characteristic of the invention are set forth with 
particularity in the appended claims. The figures are for 
illustration purposes only and are not drawn to scale. The 
invention itself, however, both as to organization and 
method of operation, may best be understood by refer- 
ence to the detailed description which follows taken in 
conjunction with the accompanying drawings in which: 

[0022] pig. 1 is a flowchart of the application process. 

[0023] pig. 2 is a continuation of the flowchart of Fig. 1 of the 

application process. 
[0024] Fig. 3 is a continuation of the flowchart of Fig. 1 of the 

application process. 
[0025] Fig. 4 is a sample database request table. 

[0026] Fig. 5 is a schematic of the system architecture for the ap- 
plication process. 

[0027] Figs. 6A and 6B are flowcharts of the process flow for de- 
ployment of the process software. 

[0028] Figs. 7 A and 7B are flow charts of the process flow for in- 
tegration of the software for autonomic building and up- 



dating of access control in email systems into a client, 
server, and network environment. 
[0029] pigs. 8A and 8B are flow charts of the process flow for 

sharing and simultaneously serving the process software 
of the present invention to multiple customers in an on 
demand format. 

[0030] pigs. 9A-9C are flow charts for deploying, accessing, and 
executing the process software through the use of a vir- 
tual private network. 
Detailed Description 

[0031] | n describing the preferred embodiment of the present in- 
vention, reference will be made herein to Figs. 1-9 of the 
drawings in which like numerals refer to like features of 
the invention. Features of the invention are not necessarily 
shown to scale in the drawings. 

[0032] The present invention defines a software application and 
corresponding architecture to implement the application 
that dynamically updates the access control list for 
databases referenced within a document, and keeps track 
of the distribution routes of the document in a knowledge 
repository where the document is built and accessed 
through usage of a common email system. The access 
control list and distribution routes are built by tracking 



recipients of the email message linked to the document. 
Some recipients may be disabled by the originator from 
having access to the document links within the document, 
while others may designate with the originator's approval 
of access for selected persons or groups. 
[0033] The software may be implemented in numerous software 
languages that are compatible with the system hardware, 
and is not limited to any one particular software language. 
Moreover, various hardware schemes may be constructed 
to implement the application software, such that the pro- 
cess is not limited to a singular, specific hardware config- 
uration. 

[0034] By way of example, the workings of the instant invention 
can be summarized using the following application sce- 
nario. An originator of a company confidential document 
works on-site at one of the company's facilities. The orig- 
inator has a document containing links to databases that 
explain or provide important information regarding a pro- 
posed system, which he would like to share with anyone 
in the organization that is interested and has a bonafide 
need to know. Unfortunately, the originator himself is only 
aware of his direct colleagues who would be interested in 
the document. He is unaware of others throughout the or- 



ganization, including those off-site, that may have a need 
for his proposed system, may be in a position to provide 
direct input to his proposal, or may simply be interested 
in a collateral manner in his design by for example a mar- 
keting department, an investment decision board, or other 
such collaterally interested parties. The originator sends 
the document to his team of direct colleagues via email. 
Since the originator would like to share the linked 
databases within the document with others, and control 
the access to the linked databases within the document, 
he identifies and allows only certain individuals of those 
to whom he first sent the document to have the authority 
to access the linked databases the document. After one of 
the first tier recipients reviews the document, the first tier 
recipient may forward it on to others, the second tier re- 
cipients. Importantly, the second tier recipients must re- 
ceive the access authority from the originator to view the 
database links within the document. Some recipients may 
not have this access authority and will be denied by the 
system if they attempt to access the database links within 
the document. 

[0035] For those first tier recipients with authority from the origi- 
nator to access database links within the document, the 



documents may be forwarded with a request from the first 
tier recipients to the originator to allow access authority 
to the selected second tier recipients. Thus, the second 
tier of recipients may or may not have the authority to ac- 
cess the linked databases referenced within the docu- 
ment. This access authority allows recipients to view the 
linked databases only at the discretion of the originator. 
Moreover, the second tier recipients may also forward the 
document with the same restrictions on access authority 
to the database links, where knowledge and approval of 
the originator is required for viewing the databases. 
Through this access control, individuals and groups, not 
at first known to the originator as being interested re- 
viewers, may view the referenced databases through se- 
cured channels based on the originator's selection of re- 
cipients and those the originator authorizes for access to 
the referenced databases within the document. Impor- 
tantly, the originator reviews and acknowledges authority 
for access to the referenced databases for every potential 
recipient including those outside his own direct group of 
interested people. The originator also determines which 
repository the document should be submitted. The for- 
warding of the document with access control for the 



database links by the originator allows for other attention 
to be drawn to the document outside the originator's ini- 
tial group and the originator's initial awareness. 

[0036] After waiting a period of time, for example a couple of 
days, the originator may decide to trace his document. 
This will allow him to know which persons, departments, 
or organizations have been exposed to the document, and 
those who may have been provided access authority to the 
referenced databases within the document. Before the 
originator develops his document further, he is able to 
view the information provided along with the trace. This 
information includes identification of people and groups 
who can support him to further develop his document and 
bring it to the attention of key decision makers. 

[0037] pigs. 1-3 depict the application flow for the present in- 
vention. Referring to Fig. 1, the process commences 100 
by having the originator add addresses for first tier recipi- 
ents 101 to an email that has database links attached 
thereto. The originator is the first person to construct the 
email, and is the first person to distribute the email. The 
originator must first decide whether to give access to the 
databases 102 to the first tier addressees on the email for 
the database links included therein. If the originator does 



not authorize access to any of the first tier recipients, this 
application exits 103 since the originator is not interested 
in tracing the document or allowing this set of addressees 
to view the referenced databases. If the originator decides 
to give certain first tier recipients access to the databases 
linked in the document, he would select which recipients 
are authorized to view selected linked databases from the 
list of addressees 104. The list of databases is accessed 
after addressing the email. The application software of the 
present invention makes a menu available on request that 
contains the list of addressees, available databases, and 
the choice of access type to give each addressee for each 
database 105. The choices include, but are not limited to, 
view, edit, audit, and various other administrative func- 
tions. The originator's name and address is automatically 
placed in the header of the email. All of this information is 
placed in a database request table, and the database re- 
quest table is then placed in the header of the email. A 
sample database request table is illustrated in Fig. 4. Once 
the original email is entered into the system, the applica- 
tion software checks to see if it is the first time this email 
is being distributed 106, i.e., if it came directly from the 
originator. If it is the first time for distribution 108, 



database transactions are then constructed and sent to 
the database servers. The database transactions contain 
the information from the database request table. If it is 
not the first time of distribution, an email transaction is 
constructed for the originator 107. This is a transaction 
containing database and access requests for each second 
tier addressee that is sent to the originator for his ap- 
proval. The database transactions contain the same infor- 
mation supplied in the database request table. When an 
email transaction is constructed for the originator, an 
email request is sent to the originator 300, as depicted in 
Fig. 3. Addressees who wish to have others gain access to 
the databases send the email transaction to the originator 
for approval. The address of the originator is taken from 
the previously saved address in the header of the email 
sent to the addressees. The originator receives the re- 
quest 301 in the form of an email that provides a mecha- 
nism to approve, reject, or alter each access control list 
for each of the new addressees 302. The application then 
builds the appropriate transactions for the database 
servers 303. 

[0038] As shown in Fig. 2, for first time distributions, the 

database transactions are sent to the database servers, 



which will process the database access requests 200. The 
servers receive the transactions sent from the sender of 
the email 201, and processed by the database servers. 
This processing determines whether the list of addressees 
and the access requests for each addressee match the ac- 
cess control list (ACL) for each database 202. If a com- 
plete match cannot be made, the access control list is up- 
dated to match the database transaction 203. The email is 
then sent to the addressees 204. Once the addressees re- 
ceive the email 205, the application of the present inven- 
tion allows these first tier recipients to forward the email 
to a new list of addressees or second tier recipients while 
notifying and requesting the originator for access autho- 
rization of the linked database references within the 
emailed document for selected second tier addressees. If 
no forwarding is performed, the application exits 103. 
Else, the application loops back to have the originator se- 
lect which addressees to give access 104. Importantly, the 
originator is selecting which second tier addressees to 
give access to the database references within the docu- 
ment; the first tier recipient recommends which recipient 
should have access, but does not give authorization. The 
originator becomes aware of the forwarding when asked 



to authorize access to the referenced databases within the 
document. Through this process, the originator relies 
upon the first tier recipients to recommend the dissemi- 
nation of the information in the databases to those that 
the first tier recipients decide have a need to know, would 
benefit from the information, or could provide insightful 
comment. 

[0039] pig. 4 depicts an illustrative database request table for the 
present invention. Two databases are shown with associ- 
ated database servers. Addressees are given individual ac- 
cess by the originator as requested. The originator has the 
ability to limit the access to the referenced databases. For 
example, some recipients are entitled only to view the in- 
formation, while others may edit. 

[0040] As shown in Fig. 5, the application software of the present 
invention may be performed on conventional stored- 
program computer architecture 400. A system unit gener- 
ally includes processing, memory, mass storage devices 
such as disc and/or tape storage elements 401 and other 
elements, including network interface devices 402 for in- 
terfacing with the respective computer communications 
link 403. Video display units 404 permit the computer to 
display processed data and processing status to the oper- 



ator. Operator input devices 405 allow the operator to in- 
put data and control processing by the computer. The 
computers transfer information in the form of messages 
through network interface devices among each other over 
various communication links. 
[004 1 ] Method for Deployment 

[0042] while it is understood that the process software for auto- 
nomic building and updating of access control in email 
systems may be deployed by manually loading directly in 
the client, server, and proxy computers via loading a stor- 
age medium such as a CD, DVD, and the like, the process 
software may also be automatically or semi-automatically 
deployed into a computer system by sending the process 
software to a central server or a group of central servers. 
The process software is then downloaded and executed by 
client computers. Alternatively, the process software is 
sent directly to the client system via email. The process 
software is then either detached to a directory or loaded 
into a directory by a button associated with the email that 
executes a program on demand. The executed program 
detaches the process software into a directory. Another 
alternative is to send the process software directly to a di- 
rectory on the client computer hard drive. When there are 



proxy servers, the process software will select the proxy 
server code, determine which computers to place the 
proxy servers' code, transmit the proxy server code, and 
install the proxy server code on the proxy computer. The 
process software is then transmitted to the proxy server 
and stored therein. 

[0043] pigs. 6A and 6B detail the process flow for deployment of 
the process software. Referring to Figs. 6A and 6B, Step 
1000 begins the deployment. First, a determination is 
made regarding any programs that will reside on a server 
or servers when the process software is executed 1010. If 
such programs exist, the servers that will contain the exe- 
cutables are identified 2090. The process software for the 
server or servers is transferred directly to the servers' 
storage via an established protocol, such as file transfer 
protocol (FTP), and the like, or by copying though the use 
of a shared file system 2100. The process software is then 
installed on the servers 2110. 

[0044] Next, a determination is made on whether the process 
software is be deployed by having users access the pro- 
cess software on a server or servers 1020. If the users are 
to access the process software on servers, server ad- 
dresses are identified 1030 to store the process software. 



[0045] ^ is then determined if it is necessary to build a proxy 

server 2000 to store the process software. A proxy server 
is a server that sits between a client application, such as a 
Web browser, and a real server. It intercepts all requests 
to the real server in an attempt to fulfill the requests it- 
self. If it is not possible for the proxy server to fulfill the 
requests, then the proxy server will forward the request to 
the real server. The two primary benefits of a proxy server 
are to improve performance and to filter requests. If a 
proxy server is necessitated, then it is installed 2010. The 
process software is sent to the servers either via an estab- 
lished protocol, such as FTP, and the like, or it is copied 
directly from the source files to the server files via file 
sharing 2020. 

[0046] | n another embodiment, a transaction is sent to servers 
that contain the process software. The servers then pro- 
cess the transaction, and receive and copy the process 
software to the servers' file systems. Once the process 
software is stored at the servers, the users via their client 
computers access the process software on the servers and 
copy to their client computers file systems 2030. In a sep- 
arate embodiment, the servers automatically copy the 
process software to each client and then run the installa- 



tion program for the process software at each client com- 
puter. The user executes the program that installs the 
process software on his client computer 2120, and exits 
the process 1080. 

[0047] | n step 1040 determination is made whether the process 
software is deployed by sending the process software to 
users via e-mail. The set of users where the process soft- 
ware will be deployed are identified together with the ad- 
dresses of the users' client computers 1050. The process 
software is sent via e-mail to each of the users' client 
computers. The users then receive the e-mail 2050 and 
detach the process software from the e-mail to a directory 
on their client computers 2060. Each user executes the 
program that installs the process software on his client 
computer 2120 and exits the process 1080. 

[0048] |_ as t j a determination is made as to whether the process 
software will be sent directly to users' directories on their 
client computers 1060. If it is sent, the user directories 
are identified 1070. The process software is transferred 
directly to each user's client computer directory 2070. 
This can be done in several ways, such as sharing of the 
file system directories and then copying from the sender's 
file system to the recipient user's file system, or alterna- 



tively using a transfer protocol such as FTP, and the like. 
The users access the directories on their client file sys- 
tems in preparation for installing the process software 
2080. The users execute the program that installs the 
process software on their client computer 2120, then exit 
the process 1080. 
[0049] Method for Integration 

[0050] The process software for autonomic building and updat- 
ing of access control in email systems may be integrated 
into a client, server, and network environment by provid- 
ing for the process software to coexist with applications, 
operating systems, or network operating systems soft- 
ware, and installing the process software on the clients 
and servers in an environment where the process software 
will function. 

[0051] initially, one must identify any software on the clients and 
servers, including the network operating system, where 
the process software will be deployed, that is required by 
the process software or that work in conjunction with the 
process software. This includes the network operating 
system or other software that enhances a basic operating 
system by adding networking features. 

[0052] The software applications and version numbers are then 



identified and compared to a list of software applications 
validated to work with the process software. Those soft- 
ware applications that have not been validated for inte- 
gration are subsequently upgraded. Program instructions 
that pass parameters from the process software to the 
software applications are checked to ensure the parameter 
lists match the parameter lists required by the process 
software. Conversely parameters passed from the soft- 
ware applications to the process software are checked to 
ensure the parameters match the parameters required by 
the process software. The client and server operating sys- 
tems including the network operating systems are identi- 
fied and compared to a list of operating systems, version 
numbers, or network software, all previously tested to 
work with the process software. Those operating systems, 
version numbers, and network software that do not match 
the list of tested operating systems and version numbers 
are subsequently upgraded to the required level on the 
clients and servers. 
[0053] After ensuring that the software locale where the process 
software is to be deployed is at the correct version level 
validated to work with the process software, the integra- 
tion is then completed by installing the process software 



on the clients and servers. 
[0054] Referring to Figs. 7 A and 7B, step 2200 begins the inte- 
gration of the process software. Initially, a determination 
is made regarding process software programs that will 
execute on a server or servers 2210. If this is the case, the 
server addresses are identified 2220. The servers are 
checked to see if they contain software that includes the 
operating system applications, or network operating sys- 
tems (NOS), together with their version numbers, that 
have been validated with the process software 2230. The 
servers are also checked to determine if there is any miss- 
ing software that is required by the process software 
2230. 

[0055] The version numbers are checked for a match to the ver- 
sion numbers of the operating system, applications, or 
network operating systems, validated with the process 
software 2240. If all of the versions match and there is no 
required software absent, the integration continues 2270. 
If one or more of the version numbers do not match, then 
the unmatched software versions are updated on the 
servers with the correct software versions 2250. Addition- 
ally, any missing software required for operation is up- 
dated on the servers 2250. Installing the process software 



2260 completes the server integration. 

[0056] a process step is initiated to see if there are any programs 
of the process software that will execute on the clients 
2270. If no process software programs execute on the 
clients, the integration exits 2300. If software executes on 
the clients, the client addresses are identified 2280. The 
clients are checked for software that includes the operat- 
ing system, applications, or network operating systems, 
together with their version numbers, validated with the 
process software 2290. The clients are also checked to 
determine if there is any missing software that is required 
by the process software 2290. 

[0057] a determination is made as to whether the version num- 
bers match the version numbers of the operating system, 
the applications, or network operating systems, validated 
with the process software 2310. If all of the versions 
match and there is no required software absent, the inte- 
gration exits. 

[0058] if one or m0 re of the version numbers do not match, then 
the unmatched versions are updated on the clients with 
the correct versions 2320. In addition, if there is required 
software missing, it is also updated on the clients 2320. 
Installing the process software on the clients 2330 com- 



pletes the integration. 

[0059] Q n Demand Computing 

[0060] Business importance of On Demand computing is increas- 
ingly becoming a desired attribute. The process software 
of the present invention for autonomic building and up- 
dating of access control in email systems is shared; si- 
multaneously serving multiple customers in a flexible, au- 
tomated fashion. It is standardized, requiring little cus- 
tomization, and is scalable, providing capacity on demand 
in a pay-as-you-go model. 

[0061] The process software can be stored on a shared file sys- 
tem accessible from one or more servers. The process 
software is executed via transactions that contain data 
and server processing requests using CPU units on the ac- 
cessed server. CPU units are units of time such as min- 
utes, seconds, and hours on the central processor of the 
server. Additionally the assessed server may make re- 
quests of other servers that require CPU units. CPU units 
are an example that represents but one measurement of 
use. Other measurements of use include, but are not lim- 
ited to, network bandwidth, memory usage, storage us- 
age, packet transfers, and complete transactions. 

[0062] when multiple customers use the same process software 



application, their transactions are differentiated by the 
parameters included in the transactions identifying a 
unique customer and the type of service for that cus- 
tomer. All of the CPU units and other measurements of 
use that are used for the services for each customer are 
recorded. When the number of transactions to any one 
server begins to affect the performance of that server, 
other servers are accessed to increase capacity and share 
the workload. Likewise when other measurements of use 
such as network bandwidth, memory usage, and storage 
usage, approach a capacity that affects performance, ad- 
ditional network bandwidth, memory usage, or storage, is 
added to share the workload. 
[0063] The measurements of use for each service and customer 
are sent to a collecting server that sums the measure- 
ments of use for each customer. This is performed for 
each service that was processed anywhere in the network 
of servers that provides the shared execution of the pro- 
cess software. The summed measurements of use units 
are periodically multiplied by unit costs, and the resulting 
total process software application service costs are alter- 
natively sent to the customer or indicated on a web site 
accessed by the customer, which then remits payment to 



the service provider. 

[0064] | n another embodiment, the service provider requests 

payment directly from a customer account at a banking or 
financial institution. 

[0065] | n y e t another embodiment, if the service provider is also 
a customer of the customer that uses the process soft- 
ware application, the payment owed to the service 
provider is reconciled to the payment owed by the service 
provider to minimize the transfer of payments. 

[0066] Referring to Figs. 8A and 8B, the On Demand process 
commences at step 2400. A transaction is created con- 
taining the unique customer identification, the requested 
service type, and any service parameters that further 
specify the type of service 2410. The transaction is then 
sent to the main server 2420. In an On Demand environ- 
ment, the main server can initially be the sole server, and 
then as capacity is consumed, other servers may be 
added. The server central processing unit (CPU) capacities 
in the On Demand environment are queried 2430. The 
CPU requirement of the transaction is estimated, and the 
servers' available CPU capacity is compared to the trans- 
action CPU requirement to see if there is sufficient capac- 
ity in any server to process the transaction 2440. If there 



is not sufficient server CPU available capacity, then addi- 
tional capacity is allocated to process the transaction 
2480. If there is already sufficient CPU capacity available, 
the transaction is sent to a selected server 2450. 

[0067] Before executing the transaction, a check is made of the 
remaining On Demand environment to determine if the 
environment has sufficient available capacity for process- 
ing the transaction. This environment capacity consists of 
such things as network bandwidth, processor memory, 
storage, and the like 2460. If there is not sufficient avail- 
able capacity, capacity is added to the On Demand envi- 
ronment 2470. The required software to process the 
transaction is then accessed and loaded into memory. The 
transaction is then executed 2490. 

[0068] The usage measurements are recorded 2500. The usage 
measurements consist of the portions of those functions 
in the On Demand environment that is used to process the 
transaction. The usage of such functions as network 
bandwidth, processor memory, storage and CPU cycles are 
recorded. The usage measurements are summed, multi- 
plied by unit costs, and recorded as a charge to the re- 
questing customer 2510. 

[0069] on Demand costs may be posted to a web site 2530 if the 



customer has so requested. Or the customer may request 
2540 that the On Demand costs be sent via e-mail to a 
customer address 2550. If the customer has requested 
that the On Demand costs be paid directly from a cus- 
tomer account 2560, then payment is received accordingly 
2570. 

[0070] virtual Private Networks 

[0071] The process software for autonomic building and updat- 
ing of access control in email systems may be deployed, 
accessed, and executed through the use of a virtual pri- 
vate network (VPN), which is any combination of technolo- 
gies that can be used to secure a connection through an 
otherwise unsecured or untrusted network. The use of 
VPNs is to improve security and to reduce operational 
costs. The VPN makes use of a public network, usually the 
Internet, to connect remote sites or users together. In- 
stead of using a dedicated, real-world connection such as 
leased line, the VPN uses "virtual" connections routed 
through the Internet from the company's private network 
to a remote site. Access to the software via a VPN can be 
provided as a service by specifically constructing the VPN 
for purposes of delivery or execution of the process soft- 
ware, for example when the software resides elsewhere. 



The lifetime of the VPN may be limited to a given period 
of time or a given number of deployments based on an 
amount paid. 

[0072] The process software may be deployed, accessed and ex- 
ecuted through either a remote-access or a site-to-site 
VPN. When using remote-access VPNs the process soft- 
ware is deployed, accessed and executed via the secure, 
encrypted connections between a company's private net- 
work and remote users through a third-party service 
provider. The enterprise service provider (ESP) sets a net- 
work access server (NAS) and provides remote users with 
desktop client software for their computers. The telecom- 
muters are then able to dial a toll-free number or attach 
directly via a cable or DSL modem in order to reach the 
NAS and use their VPN client software to access the cor- 
porate network and to access, download, and execute the 
process software. 

[0073] when using the site-to-site VPN, the process software is 
deployed, accessed, and executed through the use of 
dedicated equipment and large-scale encryption that may 
be used to connect a company's multiple fixed sites over a 
public network such as the Internet. 

[0074] The process software is transported over the VPN via tun- 



neling which is the process of placing an entire packet 
within another packet and sending it over a network. The 
protocol of the outer packet is understood by the network 
and interface points, called tunnel interfaces, where the 
packet enters and exits the network. 

[0075] Referring to Figs. 9A-9C, step 2600 begins the Virtual Pri- 
vate Network (VPN) process. A determination is made to 
see if a VPN for remote access is required 2610. If re- 
quired, the system checks to see if a remote access VPN 
exists 2640. If one does not exist, a third party provider is 
identified that will provide the secure, encrypted connec- 
tions between the company's private network and the 
company's remote users 2760. The company's remote 
users are identified 2770. The third party provider then 
sets up a network access server (NAS) 2780 that allows 
the remote users to dial a toll free number or attach di- 
rectly via a cable or digital subscriber line (DSL) modem to 
access, download, and install the desktop client software 
for the remote-access VPN 2790. 

[0076] After the remote access VPN has been built or if previ- 
ously installed, the remote users may access the process 
software by dialing into the NAS or attaching directly via a 
cable or DSL modem into the NAS 2650. This allows entry 



into the corporate network where the process software is 
accessed 2660. The process software is transported to the 
remote user's desktop over the network via tunneling. The 
process software is divided into packets and each packet 
including the data and protocol is placed within another 
packet 2670. When the process software arrives at the re- 
mote user's desktop, it is removed from the packets, re- 
constituted and executed on the remote users desktop 
2680. 

[0077] when a VPN for remote access is not required, a determi- 
nation is made to see if a VPN for site to site access is re- 
quired 2620. If it is not required, the process exits 2630. 
Otherwise, determination of the site to site VPN is made 
2690. If the site to site VPN does not exist, dedicated 
equipment required to establish a site to site VPN must be 
installed 2700. Large scale encryption is then built into 
the VPN 2710. After the site to site VPN has been built or 
if it had been previously established, the users access the 
process software via the VPN 2720. The process software 
is transported to the site users over the network via tun- 
neling. That is the process software is received by being 
divided into packets, each packet including the data and 
protocol placed within another packet 2740. When the 



process software arrives at the remote user's desktop, it is 
removed from the packets, reconstituted, and executed 
on the site users desktop 2750. 

[0078] Autonomic building and updating of access control in 

email systems is possible through the implementation of 
the present application. Software that is capable of per- 
forming the functional steps described in Figs. 1-3 will al- 
low an originator to be informed of the recipients that 
were not on the originator's initial access list through a 
selective dissemination process whereby the originator 
delegates selection of second tier recipients to the discre- 
tion of the first tier recipients, and then authorizes the 
level of access control for each recipient. The originator is 
also able to track the dissemination trail of reviewers, so 
that the originator can more accurately assess the valued 
perception of the information by others. 

[0079] while the present invention has been particularly de- 
scribed, in conjunction with a specific preferred embodi- 
ment, it is evident that many alternatives, modifications 
and variations will be apparent to those skilled in the art 
in light of the foregoing description. It is therefore con- 
templated that the appended claims will embrace any such 
alternatives, modifications and variations as falling within 



the true scope and spirit of the present invention. 
[0080] Thus, having described the invention, what is claimed is: 



